Franklin Simmons is BusinessPundit's Tech Editor. His life is consumed with a love of augmented reality, mobility, and emerging technology. He extensively covers all areas of technology, including the computing, automotive, and healthcare sectors. He can be reached at FranklinSimmons@BusinessPundit.com or (929) 265-0240.

Hackers have discovered a way to defeat two-factor authentication

Two-factor authentication adds an extra layer of protection to a users online accounts.

When using the extra security layer, a password must be entered into a users account and then a temporary code known as a one-time password (OTP) is sent to the account owner’s smartphone. That code must then be entered to complete the login process.

Hackers have found a way to defeat two-factor authentication by sneaking a piece of rogue malware onto their smartphones.

Researchers at cybersecurity firm Symantec have discovered malware that can steal OTP codes and use this to hijack a user’s accounts.

The Malware has been found on Android smartphones and is known as Android.Bankosy.

Android.Bankosy redirects the user’s phone calls to the phone of the attacker, letting them steal the OTP code and access the account.

Many two-factor authentication systems use text messages and Symantec says it has discovered malware capable of stealing those codes as well.

This type of hack is especially lucrative to hackers because many banking systems now use two-factor authentication to protect users who access their accounts from desktops, tablets, and mobile devices.

Before hackers can use this type of two-factor malware they must first gain access to a user’s smartphone and install malicious code. Smartphone users are urged to keep their device software up-to-date and avoid downloading software from third-party platforms outside of the Google Play store.